{ "id": "bundle--d78ba103-338b-462f-a8db-153e92284a36", "objects": [ { "created": "2014-06-23T00:00:00.000Z", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "description": "This type of operating system probe attempts to determine an estimate for how predictable the sequence number generation algorithm is for a remote host. Statistical techniques, such as standard deviation, can be used to determine how predictable the sequence number generation is for a system. This result can then be compared to a database of operating system behaviors to determine a likely match for operating system and version.", "external_references": [ { "external_id": "CAPEC-324", "source_name": "capec", "url": "https://capec.mitre.org/data/definitions/324.html" }, { "external_id": "CWE-200", "source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/200.html" }, { "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", "external_id": "REF-33", "source_name": "reference_from_CAPEC" }, { "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", "external_id": "REF-128", "source_name": "reference_from_CAPEC", "url": "http://www.faqs.org/rfcs/rfc793.html" }, { "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", "external_id": "REF-212", "source_name": "reference_from_CAPEC" }, { "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", "external_id": "REF-130", "source_name": "reference_from_CAPEC", "url": "http://phrack.org/issues/51/11.html" } ], "id": "attack-pattern--12d80b47-8e4c-4646-bcc3-2bd7059a44e1", "modified": "2018-07-31T00:00:00.000Z", "name": "TCP (ISN) Sequence Predictability Probe", "object_marking_refs": [ "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d" ], "spec_version": "2.1", "type": "attack-pattern", "x_capec_abstraction": "Detailed", "x_capec_child_of_refs": [ "attack-pattern--6227a1fc-7504-4a5f-b5b2-4c4f1fe38617" ], "x_capec_consequences": { "Access_Control": [ "Bypass Protection Mechanism", "Hide Activities" ], "Authorization": [ "Bypass Protection Mechanism", "Hide Activities" ], "Confidentiality": [ "Read Data", "Bypass Protection Mechanism", "Hide Activities" ] }, "x_capec_domains": [ "Software" ], "x_capec_likelihood_of_attack": "Medium", "x_capec_prerequisites": [ "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." ], "x_capec_resources_required": [ "A tool capable of sending and receiving packets from a remote system." ], "x_capec_status": "Stable", "x_capec_typical_severity": "Low", "x_capec_version": "3.9" } ], "type": "bundle" }